Several aspects of the cybersecurity industry are causing more polarizing reactions than using venture capital to fund startups.
On the one hand, startup founders seek the attention of investors with the brutality of authors looking for publishers. Without investment capital, new companies cannot develop properly, especially if their technology requires a period of long latent development before any customer income.
On the other hand, security professionals tend to show warm, even hostile, emotions towards investors. This should come as no surprise when you consider that venture capitalists can be seen as wealthy by betting on the technology needed to protect citizens and businesses from attack.
However, one fact that everyone agrees with is the staggering growth of total investment in this segment. According to Statista, the size of the venture capital market is for cybersecurity rose to $ 21 billioncompared to about $ 9 billion a year earlier.
Another fact that everyone agrees on is the common interests of investors, founders and practitioners: investing ultimately leads to good decisions. The technologies that are funded range from methods of ridding the world of passwords to machine learning that predicts where the next threats will arise. Everyone will benefit if these investments are successful because the risks of attack increase day by day.
The ongoing conflict in Ukraine, for example, is introducing national-state offensive cyber-campaigns aimed at business and civic groups around the world – maybe to target enemies, maybe just create chaos. New commercial security products and services will be needed to mitigate this potentially dangerous and growing risk.
Over the past few years, my team has met with more than 2,000 cybersecurity startups, many of which are supported by venture capital. In the course of our work, we have identified three main factors that seem to correlate with commercial success in the cybersecurity market. When I share my observations with venture capital teams, they often do not match the typical investment valuation formula. Most venture capital teams tend to be fascinated by factors such as the aggregate market size for a given company, the problem being solved, the types of competitors that exist, and so on. While these are important issues, I don’t think they are key to success.
Accordingly, the following is a summary of the three factors that my team and I use in our work to advise security professionals which startups should consider for a long-term partnership.
Factor 1: The belief system
When we ask founding teams what they believe in and why they started their business, their answer is often covered by some confusing description of what they do. This empty and circular reflection on the creation of a campaign “to stop threat X because the world needs to stop threat X” is not enough to communicate with customers domestically.
In contrast, consider the system of beliefs of retired Army General Keith Alexander, co-founder of IronNet Cybersecurity, who recently completed a successful SPAC. If you ask founders such as General Alexander why they set up the company, they will point to their lifelong commitment to defending their country, in uniform, on the battlefield or in virtual networks.
Such personal belief systems are associated with buyers. In fact, a useful exercise for founders is to explain why they set up their company without ever mentioning their product. It is a very painful experience because it reveals the true purpose of their campaign. Good luck to the startup, which can be called the reason for its existence only to make money.
Factor 2: Attention to design
When we ask a startup to describe their company, we usually see one of two approaches. For one thing, the team will take us to hell with PowerPoint with chart after chart of buzzwords, scattered clips and pointless quotes. The platform charts in these presentations are usually randomly cut and pasted by engineers as if the technology was conceived.
On the other hand, we sometimes find a startup that understands the value of design. In such cases, we see a carefully crafted top-down story along with the combined contributions of platform developers, marketing team and steering team. If done correctly, the only word that comes to mind is elegance. And it’s not just the elegance of technology, but also the overall history.
Take, for example, SentinelOne. When we first encountered this now a state-owned enterprise, we were impressed by their attention to detail in explaining their behavioral analytics. This technique involves establishing what behaviors are considered normal and then beating the alarm if something looks unusual. It was obvious to us that a lot of time and effort had been spent on developing their clear messaging.
And just like the quality, the elegance of the design in any solution (think Apple) is hard to define – but you certainly know it when you see it.
Factor 3: Knowledge of the area
Finally, we always ask founders to share their experiences with new company addresses. The worst reactions come from serial entrepreneurs jumping aboard safety steps from some unrelated area. Cybersecurity is a complex arena, and poor domain knowledge will eventually catch up with inexperienced founding teams.
The best reviews come from startup leaders who have dedicated their lives to their chosen discipline. A favorite question we like to ask is whether the founder will continue to do what he does for free. Only a select group of founders can honestly answer this question – and it is on them that you can bet.
Consider Sanjay Berryfounder of Netskope; Nir Zuk, founder of Palo Alto Networks; and Ken Se, founder of Fortinet. Each of these successful entrepreneurs would certainly continue to do exactly what they are doing now, even if they have never earned a penny. Buyers are associating with this type of domain, and investors need to consider this essential factor.